Original reporting and feature articles on the latest privacy developments

Rich Appointed Head of Consumer Protection

The Federal Trade Commission (FTC) has announced Chairwoman Edith Ramirez’s appointment of seven senior staff members, including Jessica Rich, a privacy expert who will now serve as director of the Bureau of Consumer Protection.

In an interview with the IAPP, Rich said privacy is an area in which the FTC believes consumer protection is very important and that—in line with Ramirez’s emphasis on the agency being aggressive on privacy—the commission will use the tools in its belt to “the fullest extent possible” to protect consumers. She noted the FTC’s authority under Section 5 and special statutes including the Fair Credit Reporting Act, Gramm-Leach-Bliley and COPPA.

Though it’s a contentious era when it comes to privacy as the EU-U.S. Free Trade agreement is negotiated, Do-Not-Track efforts seem to be stalled and mobile app developers struggle to create a self-regulatory scheme, Rich says she’s not intimidated by the challenges the job will present.

“I’m excited about all the challenges; it’s not that I’m dreading them,” she said.

AdAge reports advertisers predict Rich will run the division in a similar style to her predecessor, David Vladeck. CEO Lee Peeler of the Advertising Self-Regulatory Council said Rich is “smart” and “very practical,” according to the report.

Rich’s storied history with privacy includes having served as the acting associate director and assistant director of the FTC Bureau of Consumer Protection's Division of Privacy and Identity Protection. She helped create the FTC’s privacy framework. She has also worked as assistant director in the Division of Financial Practices. She began her career with the FTC 20 years ago as an attorney. In 2011, Rich received the FTC’s highest award for meritorious service, the “Chairman’s Award.”

Rich told the IAPP she plans to focus on addressing the expansion of mobile and new uses of technology, national advertising, financial services, fraud and the ways all of these issues may interact.

“I’m really excited about promoting consumer protection from a board vantage point,” she said. “So, for example, the data broker issue can have implications for not just privacy but for sales of data as venues for fraudulent purposes, and mobile payments have consequences for your pocketbook but also privacy, and there’s a lot of relationships between these different areas of consumer protection.”

So how should firms ensure they’re crossing their Ts and dotting their Is in a way that keeps them off of Rich’s naughty list? Address privacy by following the three basic guidelines provided in the FTC’s final privacy report.

“If you think about our basic recommendations, they really are a recipe for staying out of trouble,” Rich said.

The first: Privacy by Design.

“If you think about privacy from the start and you build it into your business model and your technology tools, you’re going to be way ahead of the game. It’s way harder to add things later,” she said.

Second: Transparency.

“Tell consumers what you’re doing with their data, and do it in a clear way that’s easy to understand,” she said.

Third: Choice.

“Give consumers choice about the uses of data that aren’t obvious, that wouldn’t be expected, that aren’t integral to the transaction they’re engaged in,” she said.

She added that if firms follow those three basic rules within their basic business models, they’ll be “way ahead” of many competitors.

As she returns to privacy after some time in financial practices, she plans to start reaching out to reconnect with privacy folks—both businesses and consumers groups.

The most immediate challenge ahead?

“Packing up my office to move over to the other building,” she said, laughing. “But I’m really excited about the issues.”

0 Comments

Related

Google has been given leave to appeal a decision that users can claim damages for a breach of the UK Data Protection Act (DPA). The Supreme Court ruled on Tuesday that the Google v. Vidal-Hall case, referred to by IAPP VP of Research and Education Omer Tene as the "European Privacy Judicial Decision of a Decade," can go back to court yet again
Read more

Given what they saw as a lack of regulations to protect consumers against potential harms as a result of increasingly pervasive and surreptitious online tracking, college buddies Chandler Givens and Ryan Flach have decided to do something about it themselves. Last week, they launched TrackOFF, software designed to allow consumers to combat digital tracking from their own computers.
Read more

Next week, Ellen Giblin, CIPP/C, CIPP/G, CIPP/US, will start the job she’s been waiting for most of her adult life. But the fact that she’s landed a position there is in no way accidental. She’s been very strategic about each line she’s added to her resume.
Read more

Whether you are a privacy professional practicing in the EU or not, you’ve probably been watching the headlines this summer about the EU’s General Data Protection Regulation (GDPR) and the ongoing trilogue process. After all, the GDPR is expected to have far-reaching implications for organizations—and anyone who works in privacy—well beyond the EU’s borders. It’s probably not a surprise, then, that the IAPP Europe Data Protection Congress 2015 will feature keynotes and educational sessions to help you prepare for the changes the GDPR is sure to bring with it.
Read more

In June, mobile identity company TeleSign commissioned a study on consumers’ concerns about online security and their exposure to breaches. It found that, amidst increasing reports of well publicized breaches, 80 percent of consumers are worried about their online security and 40 percent have experienced a security incident within the past year. It also found that 73 percent of online accounts use the duplicated passwords and more than half of consumers use five or fewer passwords across their entire online life. Given statistics like those, TeleSign has launched a campaign aimed at educating consumers on what it says is the future of mobile identity, two-factor authentication.
Read more

Tags

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.